Authentication and Authorization Auditable Event Methods for Confluent Cloud Schema Registry

Confluent Cloud audit logs contain records of auditable events for authentication and authorization actions on Confluent Cloud Schema Registry and Stream Catalog. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.

Authentication auditable event methods for Schema Registry and Stream Catalog

Included here are the authentication actions, or operations, on Confluent Cloud Schema Registry and Confluent Cloud Stream Catalog that generate auditable event messages for the io.confluent.sg.server/authentication event.

Auditable event methods

schema-registry.Authentication
A request to authenticate to Schema Registry using an API key or token.

Examples of authentication auditable event messages

schema-registry.Authentication

The schema-registry.Authentication event method is triggered by a request for authentication to Schema Registry using an API key or token.

SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "schema-registry.Authentication",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "bc64d0fb-84b7-4467-a36b-3ad3cd8c188d"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-qjygy6"
            }
          ]
        },
        "resource": {
          "type": "SCHEMA_REGISTRY",
          "resourceId": "lsrc-gx9kdv"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "u-y35x87"
        }
      },
      "result": "SUCCESS",
      "credentials": {
        "idSecretCredentials": {
          "credentialId": "7TBXED2PT5CAKIGK"
        },
        "mechanism": "HTTP_BASIC"
      }
    },
    "requestMetadata": {
      "requestId": [
        "8406167c-8c05-11ed-8f14-5f38e5250914"
      ]
    },
    "resourceName": "crn://confluent.cloud/organization=bc64d0fb-84b7-4467-a36b-3ad3cd8c188d/environment=env-qjygy6/schema-registry=lsrc-gx9kdv"
  },
  "subject": "crn://confluent.cloud/organization=bc64d0fb-84b7-4467-a36b-3ad3cd8c188d/environment=env-qjygy6/schema-registry=lsrc-gx9kdv",
  "specversion": "1.0",
  "id": "7fced40b-f893-429e-aa08-be584268379a",
  "source": "crn://confluent.cloud/",
  "time": "2023-01-04T07:58:03.708Z",
  "type": "io.confluent.sg.server/authentication"
}
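The record above can be reduced to the fields a reviewer usually pivots on (principal, credential ID, mechanism, result). The following is an added example, not Confluent's code; the function names, the sample records and the non-SUCCESS result string are assumptions constructed for illustration.

```python
import json
from collections import Counter

AUTH_EVENT_TYPE = "io.confluent.sg.server/authentication"

def summarize_auth_event(record):
    """Flatten one audit log record; None if it is not this authentication event."""
    if not isinstance(record, dict) or record.get("type") != AUTH_EVENT_TYPE:
        return None
    data = record.get("data") or {}
    auth = data.get("authenticationInfo") or {}
    creds = auth.get("credentials") or {}
    # "principal" wraps one typed object, e.g. {"confluentUser": {"resourceId": ...}}
    principal = next(iter((auth.get("principal") or {}).values()), None)
    return {
        "time": record.get("time"),
        "method": data.get("methodName"),
        "resource": data.get("resourceName"),
        "principal": principal.get("resourceId") if isinstance(principal, dict) else None,
        "credential_id": (creds.get("idSecretCredentials") or {}).get("credentialId"),
        "mechanism": creds.get("mechanism"),
        "result": auth.get("result"),
        "request_ids": (data.get("requestMetadata") or {}).get("requestId", []),
    }

def non_success_by_credential(lines):
    """Count authentication events whose result is not SUCCESS, per credential ID."""
    counts = Counter()
    for line in lines:
        try:
            event = summarize_auth_event(json.loads(line))
        except ValueError:  # skip lines that are not valid JSON
            continue
        if event and event["result"] != "SUCCESS":
            counts[event["credential_id"] or "<unknown>"] += 1
    return dict(counts)

def _sample(result, credential_id, event_type=AUTH_EVENT_TYPE):
    """Build a constructed record, trimmed to the fields read above."""
    auth = {"principal": {"confluentUser": {"resourceId": "u-example"}}, "result": result,
            "credentials": {"idSecretCredentials": {"credentialId": credential_id},
                            "mechanism": "HTTP_BASIC"}}
    return json.dumps({"type": event_type, "time": "2023-01-04T07:58:03.708Z",
                       "data": {"methodName": "schema-registry.Authentication",
                                "authenticationInfo": auth}})

# Constructed input; "EXAMPLE_NON_SUCCESS" is a placeholder, not a documented result value.
SAMPLE_LINES = [_sample("SUCCESS", "KEY-A"), _sample("EXAMPLE_NON_SUCCESS", "KEY-B"),
                _sample("EXAMPLE_NON_SUCCESS", "KEY-B"), "not json",
                _sample("EXAMPLE_NON_SUCCESS", "KEY-C", "io.confluent.sg.server/authorization")]

if __name__ == "__main__":
    print(non_success_by_credential(SAMPLE_LINES))
```
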

The two sections below include the auditable event methods for Confluent Cloud Schema Registry and Confluent Cloud Stream Catalog that generate auditable event messages for the io.confluent.sg.server/authorization event.

Authorization auditable event methods for Schema Registry

Included here are the authorization actions, or operations, on Schema Registry that generate auditable event messages for the io.confluent.sg.server/authorization event type.

Auditable event methods

Each of the following auditable event methods is triggered by a request to the Schema Registry API. Each method listed includes the action triggering an auditable event message and the associated Schema Registry API request.

DeleteSubject

Deletes the specified subject and its associated compatibility level if registered.

DELETE /subjects/(string: subject)

RegisterSchema

Register a new schema under the specified subject. (Essentially, create a new schema.)

POST /subjects/(string: subject)/versions

LookUpSchemaUnderSubject

Check if a schema has already been registered under the specified subject.

POST /subjects/(string: subject)

DeleteSchemaVersion

Deletes a specific version of the schema registered under this subject.

DELETE /subjects/(string: subject)/versions/(versionId: version)

Authorization auditable event methods for Stream Catalog

Included here are the authorization actions, or operations, on Confluent Cloud Stream Catalog that generate auditable event messages for the io.confluent.sg.server/authorization event type.

Auditable event methods

Each of the following auditable event methods is triggered by a request to the Stream Catalog API. Each method listed includes the action triggering an auditable event message and the associated Stream Catalog API request.

PartialEntityUpdate

Partially update an entity.

PUT catalog/v1/entity

CreateTags

Triggered by a request to create tags.

POST catalog/v1/entity/tags

UpdateTags

Triggered by a request to update tags.

PUT catalog/v1/entity/tags

DeleteTag

Delete a tag on an entity.

DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}/tags/{tagName}

CreateBusinessMetadata

Create business metadata.

POST catalog/v1/entity/businessmetadata

UpdateBusinessMetadata

Update business metadata.

PUT catalog/v1/entity/businessmetadata

DeleteBusinessMetadata

Delete business metadata on an entity.

DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}/businessmetadata/{bmName}

CreateOrUpdateEntity

Create or update entity.

POST catalog/v1/entity

DeleteEntityByTypeAndName

Delete the entity uniquely identified by its type and name.

DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}

SearchCatalogUsingBasicQuery

Retrieve data for the specified full text query.

GET catalog/v1/search/basic

SearchCatalogUsingAttributes

Retrieve data for the specified attribute search query.

GET catalog/v1/search/attribute

CreateTagDefs

Create tag definitions.

POST catalog/v1/types/tagdefs

UpdateTagDefs

Update tag definitions.

PUT catalog/v1/types/tagdefs

DeleteTagDef

Delete the tag definition identified by its name.

DELETE catalog/v1/types/tagdefs/{tagName}

CreateBusinessMetadataDefs

Create business metadata definitions.

POST catalog/v1/types/businessmetadatadefs

UpdateBusinessMetadataDefs

Update business metadata definitions.

PUT catalog/v1/types/businessmetadatadefs

DeleteBusinessMetadataDef

Delete business metadata definition identified by its name.

DELETE catalog/v1/types/businessmetadatadefs/{bmName}